From ea5780b7cdf2c0497ea74283a9bbf881ab4a022e Mon Sep 17 00:00:00 2001 From: Steven Gravell Date: Mon, 26 Sep 2011 14:48:16 +0100 Subject: add cacertfile configuration --- src/cowboy_ssl_transport.erl | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) (limited to 'src/cowboy_ssl_transport.erl') diff --git a/src/cowboy_ssl_transport.erl b/src/cowboy_ssl_transport.erl index 098d409..bb53418 100644 --- a/src/cowboy_ssl_transport.erl +++ b/src/cowboy_ssl_transport.erl @@ -50,6 +50,9 @@ messages() -> {ssl, ssl_closed, ssl_error}. %% certificate. %%
keyfile
Mandatory. Path to the file containing the user's %% private PEM encoded key.
+%%
cacertfile
Optional. Path to file containing PEM encoded +%% CA certificates (trusted certificates used for verifying a peer +%% certificate).
%%
password
Mandatory. String containing the user's password. %% All private keyfiles must be password protected currently.
%% @@ -58,7 +61,7 @@ messages() -> {ssl, ssl_closed, ssl_error}. %% @todo The password option shouldn't be mandatory. -spec listen([{port, inet:ip_port()} | {certfile, string()} | {keyfile, string()} | {password, string()} - | {ip, inet:ip_address()}]) + | {cacertfile, string()} | {ip, inet:ip_address()}]) -> {ok, ssl:sslsocket()} | {error, atom()}. listen(Opts) -> require([crypto, public_key, ssl]), @@ -70,11 +73,16 @@ listen(Opts) -> ListenOpts0 = [binary, {active, false}, {backlog, Backlog}, {packet, raw}, {reuseaddr, true}, {certfile, CertFile}, {keyfile, KeyFile}, {password, Password}], - ListenOpts = + ListenOpts1 = case lists:keyfind(ip, 1, Opts) of false -> ListenOpts0; Ip -> [Ip|ListenOpts0] end, + ListenOpts = + case lists:keyfind(cacertfile, 1, Opts) of + false -> ListenOpts1; + CACertFile -> [CACertFile|ListenOpts1] + end, ssl:listen(Port, ListenOpts). %% @doc Accept an incoming connection on a listen socket. -- cgit v1.2.3
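Review bot: Passing `cacertfile` through in `listen/1` does not by itself make the listener check client certificates: `ListenOpts0` carries no `verify` option and only `ip` and `cacertfile` are copied from `Opts`, so the ssl application's server-side default (`verify_none`) stays in force, while the new edoc entry in the first hunk describes the CA file as "used for verifying a peer certificate". Either state in that entry that this option alone does not enable peer verification, or let callers also pass `verify` and `fail_if_no_peer_cert`, as sketched below; the `-spec` in the second hunk would then need the two extra tuples. `CACertFile` is bound to the whole `{cacertfile, Path}` tuple rather than to the path, so a name such as `CACertOpt` would read more accurately. The body of `listen/1` begins outside this hunk.

```erlang
	%% … unchanged: earlier lines of listen/1 and the ListenOpts0 binding …
	%% Optional settings are forwarded to ssl:listen/2 only when the caller
	%% supplied them; each is kept as the {Key, Value} tuple found in Opts.
	Optional = [ip, cacertfile, verify, fail_if_no_peer_cert],
	ListenOpts = lists:foldl(fun(Key, Acc) ->
		case lists:keyfind(Key, 1, Opts) of
			false -> Acc;
			Opt -> [Opt|Acc]
		end
	end, ListenOpts0, Optional),
	ssl:listen(Port, ListenOpts).
```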